package com.linewell.config;

import org.springframework.beans.factory.annotation.Configurable;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * @Title: IdeaProject
 * @description: SpringSecurity 自定义配置
 * @author: hyuhuang@linewell.com
 * @since:2018/6/28
 */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter{

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()    //定义那些URL要被验证，
                .antMatchers("/").access("hasRole('READER')")
                .antMatchers("/register.html").permitAll()    //定义哪个页面不需要验证就可以访问
//                .anyRequest()               // 任何请求,登录后可以访问
                .and()
                .formLogin()          //定义表单登录后，转到哪个页面
                .loginPage("/login")  //转到/login下
                .loginProcessingUrl("/")  // 自定义的登录接口
                .failureUrl("/register.html"); //验证错误后转到哪个页面
    }
}
